luci-firewall: Add support for negations for ip addresses/nets (#218)
This commit is contained in:
Manuel Munz
parent
5a1e9354b4
commit
bb2d7517eb
5 changed files with 30 additions and 6 deletions
|
|
@ -121,7 +121,7 @@ src_mac.placeholder = translate("any")
|
||||||
|
|
||||||
src_ip = s:taboption("advanced", Value, "src_ip", translate("Source IP address"))
|
src_ip = s:taboption("advanced", Value, "src_ip", translate("Source IP address"))
|
||||||
src_ip.optional = true
|
src_ip.optional = true
|
||||||
src_ip.datatype = "ip4addr"
|
src_ip.datatype = "neg_ip4addr"
|
||||||
src_ip.placeholder = translate("any")
|
src_ip.placeholder = translate("any")
|
||||||
|
|
||||||
sport = s:taboption("advanced", Value, "src_port", translate("Source port"),
|
sport = s:taboption("advanced", Value, "src_port", translate("Source port"),
|
||||||
|
|
|
||||||
|
|
@ -106,7 +106,7 @@ icmpt:value("address-mask-reply")
|
||||||
|
|
||||||
src_ip = s:taboption("general", Value, "src_ip", translate("Source address"))
|
src_ip = s:taboption("general", Value, "src_ip", translate("Source address"))
|
||||||
src_ip.optional = true
|
src_ip.optional = true
|
||||||
src_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
|
src_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
|
||||||
src_ip.placeholder = translate("any")
|
src_ip.placeholder = translate("any")
|
||||||
|
|
||||||
sport = s:taboption("general", Value, "src_port", translate("Source port"))
|
sport = s:taboption("general", Value, "src_port", translate("Source port"))
|
||||||
|
|
@ -119,7 +119,7 @@ sport:depends("proto", "tcpudp")
|
||||||
|
|
||||||
dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address"))
|
dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address"))
|
||||||
dest_ip.optional = true
|
dest_ip.optional = true
|
||||||
dest_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
|
dest_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
|
||||||
dest_ip.placeholder = translate("any")
|
dest_ip.placeholder = translate("any")
|
||||||
|
|
||||||
dport = s:taboption("general", Value, "dest_port", translate("Destination port"))
|
dport = s:taboption("general", Value, "dest_port", translate("Destination port"))
|
||||||
|
|
|
||||||
|
|
@ -129,7 +129,7 @@ msrc = s:taboption("advanced", DynamicList, "masq_src",
|
||||||
translate("Restrict Masquerading to given source subnets"))
|
translate("Restrict Masquerading to given source subnets"))
|
||||||
|
|
||||||
msrc.optional = true
|
msrc.optional = true
|
||||||
msrc.datatype = "ip4addr"
|
msrc.datatype = "neg_ip4addr"
|
||||||
msrc.placeholder = "0.0.0.0/0"
|
msrc.placeholder = "0.0.0.0/0"
|
||||||
msrc:depends("family", "")
|
msrc:depends("family", "")
|
||||||
msrc:depends("family", "ipv4")
|
msrc:depends("family", "ipv4")
|
||||||
|
|
@ -138,7 +138,7 @@ mdest = s:taboption("advanced", DynamicList, "masq_dest",
|
||||||
translate("Restrict Masquerading to given destination subnets"))
|
translate("Restrict Masquerading to given destination subnets"))
|
||||||
|
|
||||||
mdest.optional = true
|
mdest.optional = true
|
||||||
mdest.datatype = "ip4addr"
|
mdest.datatype = "neg_ip4addr"
|
||||||
mdest.placeholder = "0.0.0.0/0"
|
mdest.placeholder = "0.0.0.0/0"
|
||||||
mdest:depends("family", "")
|
mdest:depends("family", "")
|
||||||
mdest:depends("family", "ipv4")
|
mdest:depends("family", "ipv4")
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,11 @@ var cbi_validators = {
|
||||||
return cbi_validators.ip4addr(v) || cbi_validators.ip6addr(v);
|
return cbi_validators.ip4addr(v) || cbi_validators.ip6addr(v);
|
||||||
},
|
},
|
||||||
|
|
||||||
|
'neg_ipaddr': function(v)
|
||||||
|
{
|
||||||
|
return cbi_validators.ip4addr(v.replace(/^\s*!/, "")) || cbi_validators.ip6addr(v.replace(/^\s*!/, ""));
|
||||||
|
},
|
||||||
|
|
||||||
'ip4addr': function(v)
|
'ip4addr': function(v)
|
||||||
{
|
{
|
||||||
if( v.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)(\/(\d+))?$/) )
|
if( v.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)(\/(\d+))?$/) )
|
||||||
|
|
@ -57,6 +62,11 @@ var cbi_validators = {
|
||||||
return false;
|
return false;
|
||||||
},
|
},
|
||||||
|
|
||||||
|
'neg_ip4addr': function(v)
|
||||||
|
{
|
||||||
|
return cbi_validators.ip4addr(v.replace(/^\s*!/, ""));
|
||||||
|
},
|
||||||
|
|
||||||
'ip6addr': function(v)
|
'ip6addr': function(v)
|
||||||
{
|
{
|
||||||
if( v.match(/^([a-fA-F0-9:.]+)(\/(\d+))?$/) )
|
if( v.match(/^([a-fA-F0-9:.]+)(\/(\d+))?$/) )
|
||||||
|
|
|
||||||
|
|
@ -17,8 +17,8 @@ local fs = require "nixio.fs"
|
||||||
local ip = require "luci.ip"
|
local ip = require "luci.ip"
|
||||||
local math = require "math"
|
local math = require "math"
|
||||||
local util = require "luci.util"
|
local util = require "luci.util"
|
||||||
|
local tonumber, type = tonumber, type
|
||||||
|
|
||||||
local tonumber = tonumber
|
|
||||||
|
|
||||||
module "luci.cbi.datatypes"
|
module "luci.cbi.datatypes"
|
||||||
|
|
||||||
|
|
@ -66,6 +66,13 @@ function ipaddr(val)
|
||||||
return ip4addr(val) or ip6addr(val)
|
return ip4addr(val) or ip6addr(val)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function neg_ipaddr(v)
|
||||||
|
if type(v) == "string" then
|
||||||
|
v = v:gsub("^%s*!", "")
|
||||||
|
end
|
||||||
|
return v and ipaddr(v)
|
||||||
|
end
|
||||||
|
|
||||||
function ip4addr(val)
|
function ip4addr(val)
|
||||||
if val then
|
if val then
|
||||||
return ip.IPv4(val) and true or false
|
return ip.IPv4(val) and true or false
|
||||||
|
|
@ -74,6 +81,13 @@ function ip4addr(val)
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function neg_ip4addr(v)
|
||||||
|
if type(v) == "string" then
|
||||||
|
v = v:gsub("^%s*!", "")
|
||||||
|
end
|
||||||
|
return v and ip4addr(v)
|
||||||
|
end
|
||||||
|
|
||||||
function ip4prefix(val)
|
function ip4prefix(val)
|
||||||
val = tonumber(val)
|
val = tonumber(val)
|
||||||
return ( val and val >= 0 and val <= 32 )
|
return ( val and val >= 0 and val <= 32 )
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue